Подскажите ,пожалуйста, как надо правильно настроить, что бы через VPN можно было заходить на ipv6 сайты.
/etc/network/interfaces
# The primary network interface
auto ens3
iface ens3 inet static
address 86.110.xx.xx
netmask 255.255.252.0
network 86.110.116.0
broadcast 86.110.119.255
gateway 86.110.116.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 8.8.8.8
dns-search tk
iface ens3 inet6 static
address 2a06:47c6::xxx
netmask 32
gateway 2a06:47c6::1
server.conf
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
port 1194
# TCP or UDP server?
;proto tcp
proto udp
;dev tap
dev tun
tun-ipv6
;dev-node MyTap
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
push "route-ipv6 0::/3"
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
key-direction 0
;cipher BF-CBC # Blowfish (default)
cipher AES-128-CBC # AES
auth SHA256
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
;max-clients 100
user nobody
group nogroup
persist-key
persist-tun
;log openvpn.log
;log-append openvpn.log
verb 3
;mute 20
Пользовательский скрипт
client
;dev tap
dev tun
tun-ipv6
;dev-node MyTap
;proto tcp
proto udp
remote 86.110.xx.xx 1194
;remote-random
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
auth SHA256
remote-cert-tls server
;tls-auth ta.key 1
key-direction 1
# script-security 2
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
comp-lzo
verb 3
;mute 20
Лог подключения
Wed May 03 21:42:33 2017 NOTE: --user option is not implemented on Windows
Wed May 03 21:42:33 2017 NOTE: --group option is not implemented on Windows
Wed May 03 21:42:33 2017 OpenVPN 2.3.11 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
Wed May 03 21:42:33 2017 Windows version 6.1 (Windows 7) 64bit
Wed May 03 21:42:33 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.09
Enter Management Password:
Wed May 03 21:42:33 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
Wed May 03 21:42:33 2017 Need hold release from management interface, waiting...
Wed May 03 21:42:34 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
Wed May 03 21:42:34 2017 MANAGEMENT: CMD 'state on'
Wed May 03 21:42:34 2017 MANAGEMENT: CMD 'log all on'
Wed May 03 21:42:34 2017 MANAGEMENT: CMD 'hold off'
Wed May 03 21:42:34 2017 MANAGEMENT: CMD 'hold release'
Wed May 03 21:42:34 2017 Control Channel Authentication: tls-auth using INLINE static key file
Wed May 03 21:42:34 2017 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed May 03 21:42:34 2017 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed May 03 21:42:34 2017 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed May 03 21:42:34 2017 UDPv4 link local: [undef]
Wed May 03 21:42:34 2017 UDPv4 link remote: [AF_INET]86.110.118.54:1194
Wed May 03 21:42:34 2017 MANAGEMENT: >STATE:1493822554,WAIT,,,
Wed May 03 21:42:34 2017 MANAGEMENT: >STATE:1493822554,AUTH,,,
Wed May 03 21:42:34 2017 TLS: Initial packet from [AF_INET]86.110.118.54:1194, sid=358b8f99 d1136c30
Wed May 03 21:42:35 2017 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Wed May 03 21:42:35 2017 Validating certificate key usage
Wed May 03 21:42:35 2017 ++ Certificate has key usage 00a0, expects 00a0
Wed May 03 21:42:35 2017 VERIFY KU OK
Wed May 03 21:42:35 2017 Validating certificate extended key usage
Wed May 03 21:42:35 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed May 03 21:42:35 2017 VERIFY EKU OK
Wed May 03 21:42:35 2017 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=me@myhost.mydomain
Wed May 03 21:42:35 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed May 03 21:42:35 2017 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed May 03 21:42:35 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed May 03 21:42:35 2017 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed May 03 21:42:35 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed May 03 21:42:35 2017 [server] Peer Connection Initiated with [AF_INET]86.110.118.54:1194
Wed May 03 21:42:36 2017 MANAGEMENT: >STATE:1493822556,GET_CONFIG,,,
Wed May 03 21:42:37 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed May 03 21:42:37 2017 PUSH: Received control message: 'PUSH_REPLY,route-ipv6 0::/3,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0'
Wed May 03 21:42:37 2017 OPTIONS IMPORT: timers and/or timeouts modified
Wed May 03 21:42:37 2017 OPTIONS IMPORT: --ifconfig/up options modified
Wed May 03 21:42:37 2017 OPTIONS IMPORT: route options modified
Wed May 03 21:42:37 2017 OPTIONS IMPORT: route-related options modified
Wed May 03 21:42:37 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed May 03 21:42:38 2017 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=19 HWADDR=94:de:80:c5:a4:4a
Wed May 03 21:42:38 2017 ROUTE6: default_gateway=UNDEF
Wed May 03 21:42:38 2017 OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
Wed May 03 21:42:38 2017 OpenVPN ROUTE: failed to parse/resolve route for host/network: 0::/3
Wed May 03 21:42:38 2017 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Wed May 03 21:42:38 2017 MANAGEMENT: >STATE:1493822558,ASSIGN_IP,,10.8.0.3,
Wed May 03 21:42:38 2017 open_tun, tt->ipv6=1
Wed May 03 21:42:38 2017 TAP-WIN32 device [Подключение по локальной сети 13] opened: \\.\Global\{C7331B05-7852-4B3D-ACE4-F9D109C909F4}.tap
Wed May 03 21:42:38 2017 TAP-Windows Driver Version 9.21
Wed May 03 21:42:38 2017 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.3/255.255.255.0 [SUCCEEDED]
Wed May 03 21:42:38 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.3/255.255.255.0 on interface {C7331B05-7852-4B3D-ACE4-F9D109C909F4} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
Wed May 03 21:42:38 2017 Successful ARP Flush on interface [28] {C7331B05-7852-4B3D-ACE4-F9D109C909F4}
Wed May 03 21:42:44 2017 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Wed May 03 21:42:44 2017 C:\Windows\system32\route.exe ADD 86.110.xx.xx MASK 255.255.255.255 192.168.1.1
Wed May 03 21:42:44 2017 Route addition via IPAPI succeeded [adaptive]
Wed May 03 21:42:44 2017 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.1
Wed May 03 21:42:44 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Wed May 03 21:42:44 2017 Route addition via IPAPI succeeded [adaptive]
Wed May 03 21:42:44 2017 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.1
Wed May 03 21:42:44 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Wed May 03 21:42:44 2017 Route addition via IPAPI succeeded [adaptive]
Wed May 03 21:42:44 2017 Initialization Sequence Completed
Wed May 03 21:42:44 2017 MANAGEMENT: >STATE:1493822564,CONNECTED,SUCCESS,10.8.0.3,86.110.xx.xx
Сервер Ubuntu 16.04
Клиент Windows